Passwords and Multi-Factor Authentication improve security and protect essential data of users online. However, the usage of simple and guessable passwords or compromised credentials often lead to several threats online, such as, Identity Theft, Financial Loss, etc. Irrespective of attacks, such as spear phishing attacks being present known for a long time, users still fall prey and sometimes fail to adapt to newer and safer technologies. One such technology is multi-factor authentication technology where in addition to passwords and username, users can authenticate through a second or third factor of authentication such as, One Time Passwords, SMSes, Tokens, Biometeric, etc. Our researchers investigate through detailed usability and adaptability research to understand user’s mental models and risk perception and unpack the difficulties an individual face to adapt such secure and helpful technologies. Several reasons contribute to lower security practices by an individual, including the ignorance or lack of knowledge of the users but also poor and transparent risk communication from security practitioners and organizations. Our user studies follow qualitative, quantitative, and mixed methods and provide actionable items and effective insights which contribute in improving the security practices of individuals and in turn enable protecting the online user data.
Das, S., Dingman, A., & Camp, L. J. (2018). Why Johnny Doesn’t Use Two Factor A Two-Phase Usability Study of the FIDO U2F Security Key. In 2018 International Conference on Financial Cryptography and Data Security (FC).
Das, S., Russo, G., Dingman, A. C., Dev, J., Kenny, O., & Camp, L. J. (2018, December). A qualitative study on usability and acceptability of Yubico security key. In Proceedings of the 7th Workshop on Socio-Technical Aspects in Security and Trust (pp. 28-39). ACM.